The information in this document is based on these software and
hardware versions:

PIX Firewall 535

PIX Firewall software release 7.1(1)

Note: The PIX 500 Series version 7.x/8.x runs the same software seen in
ASA 5500 Version 7.x/8.x. The configurations in this document apply to both
product lines.

Cisco 2600 router

Cisco IOS® Software Release 12.3.14T

The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.

Note: If you use Transport Layer Security (TLS) encryption for e-mail
communication, the ESMTP inspection feature (enabled by default) in the PIX
drops the packets. In order to allow e-mail with TLS enabled, disable the
ESMTP inspection feature as this output shows. Refer to Cisco bug ID
CSCtn08326 (registered customers only) for more information.

debug icmp trace—Shows whether Internet
Control Message Protocol (ICMP) requests from the hosts reach the PIX. You need
to add the access-list command to permit ICMP in
your configuration in order to run this debug.

Note: In order to use this debug, make sure you allow ICMP in the
access-list outside_int as this output shows:

logging buffer debugging—Shows connections
that are established and denied to hosts that go through the PIX. The
information is stored in the PIX log buffer, and the output can be seen with
the show log command.
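
The buffered log described above can be summarized offline to confirm that mail connections are built and to see what the outside_int access list denies. The following Python script is an added example, not part of the original document. The sample lines are constructed with documentation addresses, and their layout is assumed to follow syslog messages 302013 (connection built) and 106023 (denied by access group), so adjust the patterns to match your own show log output.

```python
import re
from collections import Counter

# Constructed sample of `show log` output (documentation addresses, not real traffic).
SAMPLE_LOG = """\
%PIX-6-302013: Built inbound TCP connection 101 for outside:198.51.100.7/41022 (198.51.100.7/41022) to inside:192.168.1.15/25 (203.0.113.5/25)
%PIX-4-106023: Deny tcp src outside:198.51.100.9/51514 dst inside:203.0.113.5/110 by access-group "outside_int"
%PIX-4-106023: Deny tcp src outside:198.51.100.9/51515 dst inside:203.0.113.5/143 by access-group "outside_int"
%PIX-6-302013: Built inbound TCP connection 102 for outside:198.51.100.8/40111 (198.51.100.8/40111) to inside:192.168.1.15/25 (203.0.113.5/25)
%PIX-4-106023: Deny icmp src outside:198.51.100.9 dst inside:203.0.113.5 (type 8, code 0) by access-group "outside_int"
"""

# Assumed layout of message 302013: "for <if>:<ip>/<port> (<mapped>) to <if>:<ip>/<port>".
BUILT = re.compile(
    r"%(?:PIX|ASA)-6-302013: Built (inbound|outbound) TCP connection \d+ "
    r"for (\w+):([\d.]+)/(\d+) \([^)]*\) to (\w+):([\d.]+)/(\d+)"
)
# Assumed layout of message 106023; ports are absent for ICMP.
DENY = re.compile(
    r"%(?:PIX|ASA)-4-106023: Deny (\w+) src (\w+):([\d.]+)(?:/(\d+))? "
    r'dst (\w+):([\d.]+)(?:/(\d+))?.* by access-group "([^"]+)"'
)

def summarize(log_text):
    """Return (built, denied) counters from buffered log text.

    built  is keyed by (direction, local_ip, local_port)
    denied is keyed by (source_ip, protocol, dest_port or None, acl_name)
    """
    built, denied = Counter(), Counter()
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            direction, _, _, _, _, ip, port = m.groups()
            built[(direction, ip, int(port))] += 1
            continue
        m = DENY.search(line)
        if m:
            proto, _, src, _, _, _, dport, acl = m.groups()
            denied[(src, proto, int(dport) if dport else None, acl)] += 1
    return built, denied

if __name__ == "__main__":
    built, denied = summarize(SAMPLE_LOG)
    for key, count in built.items():
        print("built ", key, count)
    for key, count in denied.items():
        print("denied", key, count)
```
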